Posted By

jags_sonawane on 02/14/08


Tagged

sql injection




String Validation for SQL Injection


 / Published in: C#
 

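  /// <summary>
  /// Reports whether <paramref name="sInput"/> contains any token from a fixed
  /// denylist of SQL keywords and punctuation characters.
  /// </summary>
  /// <remarks>
  /// Tokens are matched as substrings, ignoring case, so "SELECT" and "select"
  /// are treated alike and a keyword embedded in a longer word also matches.
  /// A denylist of this kind is not a defence against SQL injection on its own:
  /// it cannot enumerate every dangerous construct, and it rejects legitimate
  /// values (a surname containing an apostrophe, any text containing "select").
  /// Send values to the database through parameterized commands and treat this
  /// check as supplementary input validation only.
  /// </remarks>
  /// <param name="sInput">
  /// Text to inspect. A null or empty string is reported as containing no
  /// denied token.
  /// </param>
  /// <returns>
  /// <c>true</c> if at least one denied token occurs in the input; otherwise
  /// <c>false</c>.
  /// </returns>
  public bool InvalidChars(string sInput)
  {
      // Nothing to scan; also avoids a NullReferenceException on IndexOf below.
      if (string.IsNullOrEmpty(sInput))
      {
          return false;
      }

      // A typed array replaces the VB-style array(...)/UBound/InStr calls and
      // the object-typed locals, none of which compile as C#. The duplicated
      // ";" entry is listed once.
      string[] deniedTokens =
      {
          "select", "drop", ";", "--", "insert", "delete", "xp_", "#", "%",
          "&",
          "'", "(", ")", "/", "\\", ":", "<", ">", "=",
          "[", "]", "?", "`", "|",
      };

      foreach (string token in deniedTokens)
      {
          // Ordinal comparison keeps the match culture-independent; ignoring
          // case stops a keyword slipping through in upper or mixed case.
          if (sInput.IndexOf(token, System.StringComparison.OrdinalIgnoreCase) >= 0)
          {
              // One hit is enough; no need to scan the remaining tokens.
              return true;
          }
      }

      return false;
  }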
